Cedarfell Portal
WF-6.11 VD6 Active v1.0

Website Infrastructure Decision

Owner: Roger Thompson · Last updated: 2026-05-13

Chooses Astro + Cloudflare Pages + Cloudflare Access as the portal delivery stack and access boundary.

WF-6.11 — Website Infrastructure Decision

Type: Vendor / architecture decision Value Driver: VD6 Financial Operations (data + delivery infrastructure) → consumers across VD1–VD5 Version: 1.0 Date: 2026-05-13 Decision owner: Roger Thompson Status: Approved — Roger Thompson, 2026-05-13 Parallel to: WF-6.7 Warehouse Engine Decision, WF-6.9 Dashboard Tool Decision (same lens applied to the delivery layer)


Summary

Recommendation: Adopt Astro + Cloudflare Pages + Cloudflare Access as the website and access layer for Cedarfell. One codebase serves two sites under different access policies:

Reject Next.js + Vercel on Vercel cost trajectory + over-build for static content; reject Hugo and Eleventy on Astro’s superior content-collection ergonomics for the SOP + KPI markdown corpus; reject Docusaurus on documentation-site framing (it’s narrower than what the portal needs); reject WordPress, Framer, Webflow, Wix, Bubble on operator-burden + git-versioning + replicability grounds. Reject Auth0, Clerk, and Supabase Auth on the basis that Cloudflare Access against Google Workspace + Cloud Identity is zero-config, $0 at our scale, and removes a vendor.

One-line rationale: Astro renders the /VD*/Workflows/*.md SOP corpus directly with zero content conversion; Cloudflare Pages hosts both sites for $0 at our scale; Cloudflare Access against the existing Google directory authenticates Roger + Vincent + Brandon + Aaliyah (all @cedarfell-logistics.com) with no third-party identity vendor; the entire stack is git-versioned, replicable per CSA in a half-day, and removes ~$2K–$5K/year of incumbent SaaS spend that competing stacks would impose.

Three-year TCO advantage over Next.js + Vercel + Auth0 (the second-most-defensible stack): approximately $10K – $25K at 1 CSA growing to $40K – $120K at 10-CSA scale, before counting Roger’s avoided operator time.


Background

Trigger. Three forces converged in the 2026-05-12 session:

  1. Data layer is ahead of consumer layer. As of 2026-05-12, 47 gold/silver views are live in MotherDuck — 15+ beyond what WF-6.8 v1.0 specified. The warehouse runs; the team can’t see it.
  2. Tool fragmentation has reached a point. The team’s daily knowledge artifacts live across /VD*/Workflows/*.md files in Cowork, scorecard xlsx workbooks in /Templates/, MotherDuck SQL views, Metabase Cloud (pending), Slack, GroundCloud, FRO, MBA, MyGroundBiz, Gusto, Tensor, and email. A BC starting the day must context-switch across six tools to ask “what should I do this morning.”
  3. External presence is a real business surface. VD1 recruiting funnel needs a /careers page (Vincent’s Q19 self-ask); Swan Island Fleet Hub needs /customers and /vendors marketing surfaces; the MBO 2035 exit narrative benefits from Cedarfell looking like a modern operator to a future buyer.

The website infrastructure decision answers: what does the team open in the morning, and what does the outside world see?

Use case. Build one codebase that serves:

Both sites ship from the same git repo. Cloudflare Pages handles deployment; Cloudflare Access enforces the access boundary on the portal subdomain only.

Operator profile (unchanged from WF-6.7 / WF-6.9). Sole owner-operator (Roger) with a corporate management background; two BCs running daily ops; one Tensor bookkeeper (Jana) + one offshore bookkeeper (Sheryl); one HR/Fleet coordinator (Aaliyah, migrating to Swan Island). No internal frontend developer, no DevOps engineer, no full-stack developer — and the operating model isn’t going to support hiring one. The website infrastructure choice must let one technical builder (Roger, occasionally Claude) produce a site the non-technical team consumes without training.

Strategic constraints.

Domain + auth context (resolved 2026-05-12).

Site scale (today → 2035 MBO horizon).

HorizonCSA countPages (internal + external)Daily active usersConcurrent peakMonthly bandwidth
Today (2026)1~50 SOPs + 7 dashboards + 5 external5–85< 1 GB
20281–3~80 SOPs + 7 dashboards + 8 external10–2010< 5 GB
20315–10~150 SOPs + 12 dashboards + 12 external30–6030< 30 GB
2035 (MBO)15–25~300 SOPs + 20 dashboards + 20 external75–15075< 100 GB

This is static-site scale at every horizon. Cloudflare Pages’ free tier covers 500 builds/month and unlimited bandwidth/requests. The architecture decision isn’t gated by traffic — it’s gated by content authoring ergonomics, replicability, and access boundary cleanliness.


Options evaluated

Frontend framework / static-site generator

Architecture. Astro is a static-first web framework with native markdown content collections, MDX support, and an “islands” architecture (ships zero JS by default; interactive components hydrate on demand). Built by the Snowpack / Skypack team; v1.0 shipped 2022; stable v4 (2024) and v5 (2025). Cloudflare Pages is a managed static-host + edge functions platform with free-tier unlimited bandwidth and 500 builds/month.

Stack.

Operator fit. Excellent for the SOP corpus — markdown files in /VD*/Workflows/*.md become portal pages directly. New SOP authored in Cowork → drop in folder → next build deploys it. No CMS to operate, no database to back up.

Option B — Next.js + Vercel (or Cloudflare Pages)

Architecture. Next.js is React-based, ships with MDX support, integrates with Vercel (the company that builds Next.js) for first-class deployment. Mature ecosystem; very heavily used in 2026.

Stack.

Operator fit. More than we need. Next.js shines for server-rendered React apps with dynamic data; the portal is a static-rendered SOP corpus plus iframe-embedded dashboards. Next.js’s complexity (App Router, Server Components, edge runtime nuances) is operator burden Cedarfell doesn’t need.

Option C — Hugo

Architecture. Go-based static site generator. Famously fast builds. Mature ecosystem since 2014.

Stack.

Operator fit. Good for traditional blog/docs sites. Content authoring ergonomics weaker than Astro for our shape — Astro’s content collections + schema validation catch errors at build time (e.g., a SOP that’s missing its owner front matter fails the build). Hugo handles this via shortcodes and partials, less elegantly. Hugo’s templating language (Go templates) has a steeper learning curve than Astro’s component syntax for anyone who might collaborate later.

Option D — Eleventy (11ty)

Architecture. Node-based, “the unframework,” 2017. Embraces simplicity; multi-templating-engine support.

Stack.

Operator fit. Minimalist by design. Less ecosystem momentum than Astro post-2023 — Astro overtook Eleventy as the default static-first framework choice. Eleventy still ships and is well-maintained, but the community + plugin density favors Astro for any non-trivial site.

Option E — Docusaurus

Architecture. Meta/Facebook-built, React-based, designed specifically for documentation sites.

Stack.

Operator fit. Excellent for documentation; too narrowly scoped for the portal we need. Docusaurus assumes “this site IS the docs.” We need the portal to be docs + dashboards + decisions + handbook + landing pages — five different surface types with shared navigation. Astro flexes across all five.

Option F — WordPress

Architecture. PHP + MySQL CMS. Powers ~40% of the web. Mature, plugin-rich.

Stack.

Operator fit. Wrong shape for Cedarfell. WordPress is a content management system with database-backed posts and pages — content authoring happens inside WordPress, not in git. Our SOPs already live in markdown in Cowork. Importing them into WordPress means losing the git audit trail, the Cowork edit workflow, and the Claude/AI assistance pattern. Plus WordPress requires database hosting, plugin update vigilance, and security hardening — operator burden Cedarfell can’t carry.

Option G — Framer / Webflow

Architecture. Visual site builders. Drag-and-drop design, managed hosting, internal CMS.

Stack.

Operator fit. Great for design-led marketing sites; wrong for SOP corpus. Cedarfell’s SOPs are written content that should remain in markdown. A visual builder loses the markdown source-of-truth and the git workflow. Either tool would work for the external site alone, but maintaining two stacks (one for external, one for internal) doubles operator burden and breaks the replicability story.

Option H — Wix

Architecture. Hosted visual site builder, opinionated, mass-market.

Stack.

Operator fit. Bottom-tier fit. Wix is for small businesses with no developer and no content workflow. Cedarfell has a content workflow (Cowork → markdown → git) and benefits from version control on every change. Wix would force re-authoring SOPs inside Wix’s editor. Hard pass.

Option I — Bubble

Architecture. No-code application builder. Database + workflows + UI all visual.

Stack.

Operator fit. Wrong category. Bubble is for building applications, not content sites. We have an application layer (Metabase, the warehouse, the parsers); we need a content + delivery layer. Bubble overlaps zero with the actual need.


Hosting (separate axis)

Pricing. Free tier: 500 builds/month, unlimited bandwidth + requests, unlimited collaborators on the free plan, custom domains, automatic HTTPS, preview deployments per branch. Workers Paid plan ($5/mo) adds more build minutes and Workers compute if needed.

Operator fit. Excellent — and integrates natively with Cloudflare Access, which is the auth boundary we want anyway. One vendor for hosting + auth + CDN + DNS (if we move nameservers).

Option β — Vercel

Pricing. Hobby tier free for personal use only; commercial use requires Pro at $20/user/mo. Bandwidth metering kicks in: 1 TB included on Pro, ~$0.15/GB overage. At Cedarfell’s scale today bandwidth is moot, but at 25-CSA scale Vercel could become a $1K–$3K/yr line item.

Operator fit. Best Next.js experience by far (Vercel = Next.js’s creators). Excellent DX. Cost trajectory is the concern — Vercel’s growth-stage pricing pressure has been documented in 2024–2026; Cloudflare Pages stays free at our scale.

Option γ — Netlify

Pricing. Free tier covers small projects; Pro $19/user/mo; bandwidth metered at 100 GB free, $55/100 GB after. Build minutes capped on free tier.

Operator fit. Good. Cost trajectory same concern as Vercel — bandwidth-and-seats pricing model penalizes growth.

Option δ — AWS S3 + CloudFront

Pricing. S3 ~$0.023/GB + CloudFront ~$0.085/GB outbound at typical tiers. At 100 GB/mo (25-CSA scale) ~$10/mo. Sub-$5/mo at 1 CSA.

Operator fit. Cheapest at scale; highest operator burden. Requires AWS IAM, S3 bucket policies, CloudFront distribution config, cache invalidation discipline, OAI / OAC setup for private access. Same DevOps burden penalty WF-6.7 applied to Redshift. Hard pass on consistency grounds.

Option ε — GitHub Pages

Pricing. Free.

Operator fit. No native auth boundary — GitHub Pages serves public sites only. To protect the portal we’d need to deploy private content separately or front it with Cloudflare Access via a workaround. Better to use Cloudflare Pages directly and skip the workaround.


Authentication (separate axis)

Architecture. Cloudflare Access (part of Cloudflare’s Zero Trust platform) gates any Cloudflare-fronted domain or subdomain. Configure once: identity provider = Google; allowed = @cedarfell-logistics.com plus an exception list of explicit external emails. Users hitting portal.cedarfell-logistics.com see a Google sign-in prompt, then the portal. Sessions are JWT-based, configurable duration (default 24 hours).

Pricing. Free tier covers up to 50 users. Beyond 50 users: $7/user/mo on Zero Trust Pay-As-You-Go. At Cedarfell’s 1-CSA scale: $0. At 10-CSA scale with ~30 users: $0 (still under 50). At 25-CSA scale with ~75 users: ~$200/mo = $2,400/yr.

Operator fit. Zero-config integration with Google Workspace + Cloud Identity. Both Workspace and Cloud Identity users authenticate via the same Google OIDC flow. Aaliyah’s Cloud Identity is treated identically to Roger’s Workspace identity. Exception list (Jana, Sheryl) is two clicks in the Cloudflare dashboard.

Why this beats every third-party auth tool for Cedarfell: the identity directory already exists (Google Workspace + Cloud Identity), Cloudflare already gates the domain (Cloudflare Pages hosts the portal), and the integration is OIDC-standard. Adding Auth0/Clerk/Supabase Auth would mean (a) a new vendor relationship, (b) a new user-management UI to maintain, (c) duplicate identity records, and (d) a per-user cost trajectory that worsens as Cedarfell grows.

Option II — Auth0

Architecture. Okta-owned managed identity platform. Industry standard for SaaS.

Pricing. Free tier covers 7,500 active users (B2C plan) — generous on raw numbers but enterprise SSO features that we’d want (custom domains, advanced policies) start at the Essentials plan ~$240/mo at 1,000 users. B2B SSO plans escalate quickly.

Operator fit. Excellent product. Wrong product for this use case — we don’t need Auth0’s customer identity capabilities; we need to verify “this person belongs to Cedarfell.” Cloudflare Access already does that against the existing Google directory for $0.

Option III — Clerk

Architecture. Developer-friendly auth-as-a-service. Pre-built UI components; React-first.

Pricing. Free tier 10,000 monthly active users; Pro $25/mo + per-user fees beyond included tier.

Operator fit. Good for SaaS apps with end-user signup flows. Same wrong-shape problem as Auth0 — Cedarfell doesn’t have a user signup flow; users are pre-defined Cedarfell employees + Tensor bookkeepers.

Option IV — Supabase Auth

Architecture. Open-source Firebase alternative. Auth is one component of a larger Postgres-backed platform.

Pricing. Free tier covers 50,000 monthly active users; Pro $25/mo.

Operator fit. Pulls Cedarfell into the Supabase ecosystem (database, storage, edge functions). Over-build for an auth-only need. If we ever need a real backend application (we don’t), Supabase becomes interesting. For website auth: redundant with Cloudflare Access.

Option V — NextAuth.js / Auth.js (self-host)

Architecture. Open-source auth library, framework-integrated.

Pricing. $0.

Operator fit. Requires building + maintaining the auth wiring. Cloudflare Access is configuration, not code. Hard skip.


Cost analysis (Total Cost of Ownership)

All figures USD/year unless noted. Mid-range vendor pricing as of 2026-05.

TCO at 1 CSA (today)

ComponentAstro + CF Pages + CF Access (Recommended A+α+I)Next.js + Vercel + Auth0 (B+β+II)Hugo + Netlify + Clerk (C+γ+III)WordPress + managed host (F)
Framework license$0 (OSS)$0 (OSS)$0 (OSS)$0 (OSS)
Hosting (annual)$0 (CF Pages free)$240 (Vercel Pro × 1 seat × 12 mo)$228 (Netlify Pro × 1 seat × 12 mo)$600 (WP Engine Startup)
Auth$0 (CF Access free ≤50 users)$2,880 (Auth0 Essentials small tier)$300 (Clerk Pro)$0 (WP user system) or $500 (membership plugin)
DNS / CDN$0 (Cloudflare free)$0 if on Vercel; $20 if on CF$0 if on Netlify$0
SSL$0 (auto)$0$0included
Implementation (one-time, Roger time)~$3K (1.5 wk)~$5K (Next + Auth0 integration)~$3K~$6K (theme + plugins + content migration)
Content migration (markdown → site)~$0 (markdown native)~$1K (MDX wiring)~$500~$3K (markdown → WordPress posts)
Training (BCs + Aaliyah)~$0 (browse + bookmark)~$0~$0~$1K (WP login + nav)
Year 1 total~$3K~$9.1K~$4K~$11.1K
Year 2+ run-rate$0/yr~$3.1K/yr~$528/yr~$1.1K/yr

TCO at 5 CSAs (portfolio, ~2030)

ComponentA+α+IB+β+IIC+γ+IIIF
Hosting (run-rate)$0 (still free tier)$1,200 (Vercel 5 seats)$1,140 (Netlify 5 seats)$3,000 (5 WP sites)
Auth (run-rate)$0 (≤ 30 users, free tier)$3,600 (Auth0 mid tier)$600 (Clerk per-CSA)$2,500
Per-CSA setup amortized$3K × 5 / 3yr = $5K$5K × 5 / 3yr = $8.3K$3K × 5 / 3yr = $5K$6K × 5 / 3yr = $10K
Run-rate annual (mid)~$5K (all setup amortization)~$13K~$7K~$15.5K

TCO at 10 CSAs (~2031)

ComponentA+α+IB+β+IIC+γ+IIIF
Hosting$0 – $60 (CF Pages stays free; Workers Paid optional)$2.4K$2.3K$6K
Auth$0 – $1K (Zero Trust if >50 users)$6K$1.2K$5K
Run-rate annual~$1K – $3K~$15K – $20K~$8K – $12K~$25K

TCO at 25 CSAs (MBO 2035 exit)

ComponentA+α+IB+β+IIC+γ+IIIF
Hosting$0 – $200 (CF Pages still free; Workers Paid likely by now)$6K – $10K$5K – $10K$15K
Auth$2K – $4K (Cloudflare Zero Trust Pay-As-You-Go at ~75 users)$20K – $40K (Auth0 enterprise)$5K – $10K$10K
Run-rate annual~$3K – $6K~$30K – $50K~$15K – $25K~$30K – $50K

Cumulative 2026–2035 (delta retained as margin vs. Next.js + Vercel + Auth0)

Mid-case projection weighted by likely CSA trajectory:

The savings compound because each new CSA adds zero hosting cost and zero auth cost on the recommended stack until we cross ~50 users (~10 CSAs).


Risk assessment

#RiskLikelihoodImpactMitigation
1Astro project loses momentum or pivotsLowLowAstro is a content layer; SOPs are plain markdown. Migration to any other SSG (Eleventy, Next.js, Hugo) is content-portable in days, not weeks.
2Cloudflare Pages introduces breaking changes or paywalls features we depend onLowLowCloudflare’s pricing trajectory has been operator-friendly since 2022; free tier has expanded, not contracted. Cloudflare Pages is functionally identical to a static-file server; we can self-host on any CDN with a one-day migration.
3Cloudflare Access policy misconfiguration locks team out of portalMediumMediumMitigation: documented Cloudflare Access policy in WF-6.12; staged rollout (Roger → Vincent + Brandon → Aaliyah → Jana + Sheryl); recovery path is editing the policy in the Cloudflare dashboard (Roger retains admin). Bypass token in Cloudflare for break-glass access.
4Cloudflare Access free tier (≤50 users) gets paywalled or reducedLowMediumMitigation: even at $7/user/mo paid tier, 75 users = ~$6K/yr — within the right-sized envelope. Migrate to Cloudflare Zero Trust Pay-As-You-Go when triggered.
5Google Workspace or Cloud Identity disruption breaks portal authLowHighMitigation: Cloudflare Access supports multiple identity providers simultaneously. Add a backup IdP (e.g., one-time-password via email, or a second OIDC like GitHub Org) before MBO horizon for redundancy.
6DNS migration to Cloudflare introduces outageLowMediumMitigation: WF-6.12 documents both paths (Cloudflare-native vs nameserver migration vs CNAME). Plan migration during low-traffic hours; monitor propagation; keep TTLs low pre-cutover.
7BCs find the portal harder to use than current ad-hoc folder accessMediumHighMitigation: portal-first sequencing (per Roger 2026-05-12) — build the Daily BC Dashboard view as the first portal landing experience. Validate with Vincent + Brandon during real morning operations before rolling out further.
8SOP markdown format drift breaks Astro content collection schemasLowLowMitigation: Astro fails the build loudly when a markdown file violates schema. Roger sees the error before the site updates. Schema is enforced in src/content/config.ts.
9Dashboard iframe embedding from Metabase Cloud Starter is too limited (static only)MediumMediumMitigation: Metabase Cloud Starter ships with static iframes only; Pro adds interactive embedding. WF-6.10 plan handles trade-off (Starter at 1 CSA + upgrade to Pro at 5 CSAs per WF-6.9). For now, static iframes are sufficient — BCs read; they don’t filter.
10Lock-in to Cloudflare ecosystem (Pages + Access + DNS)LowLowMitigation: every component is replaceable independently. Move hosting to any static host (one-day migration); move auth to any OIDC provider (configuration change); move DNS to any registrar (nameserver edit). Lock-in shape is configuration, not code or data.
11Replicability claim fails — new CSA owner can’t clone the repoLowMediumMitigation: WF-6.12 ships an explicit per-CSA replication recipe. First test of the replication recipe runs on a dev branch (csa-template) before any real expansion event.
12Compliance / audit need surfaces requiring SOC 2 attestation on the website layerLowLowMitigation: Cloudflare is SOC 2 Type II. If a future contract or buyer asks, the attestation is available.

Aggregate risk. Option A+α+I presents the lowest aggregate risk of any combination evaluated. The only meaningful risks are #3 (auth misconfiguration, mitigated by staged rollout) and #7 (BC adoption, mitigated by portal-first sequencing). Both are operational risks the team can manage.


Performance considerations

Page load. Cloudflare Pages serves static HTML from edge POPs globally. Time-to-first-byte under 100 ms in North America. Astro ships zero JavaScript by default — page loads are HTML + CSS only unless an interactive component is on the page. Average portal page load: < 1 second.

Build times. Astro builds ~50 pages in under 10 seconds locally; production build on Cloudflare Pages typically ~30–90 seconds for the size of corpus we’ll have. 500 builds/month free tier covers ~16 deploys/day — more than enough headroom.

Dashboard latency. Iframe-embedded Metabase dashboards load from cedarfell.metabaseapp.com (or the custom domain we configure later). Latency is whatever Metabase Cloud delivers (~1–3 seconds for a typical Daily BC dashboard page per WF-6.9). Cloudflare doesn’t gate the iframe load — Metabase serves the dashboard directly to the browser, sharing the user’s session.

Auth latency. Cloudflare Access redirects unauthenticated users to Google sign-in (~500 ms round trip) and then back to the portal. After sign-in, the JWT cookie persists for 24 hours by default — subsequent page loads have no auth latency. Acceptable for the morning-bookmark use case.

Mobile. Astro renders the same HTML to mobile and desktop. Tailwind (if adopted) makes responsive layouts trivial. BCs checking the portal from phones at the belt — supported.


Strengths and concerns per option

Strengths

Concerns

Option B — Next.js + Vercel + Auth0

Strengths

Concerns

Option C — Hugo + Netlify + Clerk

Strengths

Concerns

Option D — Eleventy

Strengths

Concerns

Option E — Docusaurus

Strengths

Concerns

Option F — WordPress

Strengths

Concerns

Option G — Framer / Webflow

Strengths

Concerns

Option H — Wix

Strengths

Concerns

Option I — Bubble

Strengths

Concerns


Recommendation

Proceed with Option A + α + I — Astro + Cloudflare Pages + Cloudflare Access (Google IdP).

This decision optimizes for what matters at Cedarfell’s scale and trajectory: markdown-native authoring (preserves the Cowork workflow and the existing SOP corpus), zero-config auth against the identity directory we already pay for, $0 hosting at our scale, replicable per CSA without specialized skills, and lock-in shape that’s configuration-level rather than code-level. Open-source escape hatches limit Cloudflare-specific risk to near-zero.

Reject Options B (Next.js + Vercel + Auth0), C (Hugo + Netlify + Clerk), D (Eleventy), E (Docusaurus) as competent but over-built or under-fitted relative to Astro for our specific content shape and operator profile.

Reject Options F (WordPress), G (Framer/Webflow), H (Wix), I (Bubble) on operator-burden + git-workflow + cost-trajectory grounds.

Reject Auth0, Clerk, Supabase Auth, NextAuth as redundant with Cloudflare Access against the Google directory Cedarfell already maintains.


Negotiation points (Cloudflare + Google specifically)

When subscribing to / configuring these vendors:

  1. Cloudflare free tier headroom. Confirm Pages free tier covers 500 builds/month, unlimited bandwidth, unlimited collaborators. Cedarfell stays inside the free tier through 10-CSA scale.
  2. Cloudflare Access free tier headroom. Confirm 50-user free tier. At 75+ users (likely past 15-CSA scale), Zero Trust Pay-As-You-Go at $7/user/mo is the next tier.
  3. Cloudflare Registrar. If we move the domain to Cloudflare Registrar, we get at-cost domain renewal (no markup over wholesale). Migration is one-time and saves $5–15/yr vs typical retail registrars.
  4. Google Workspace seat audit. Confirm Vincent + Brandon are on Workspace (likely $6/user/mo Business Starter) vs Cloud Identity (free). If they’re on Workspace and only need email + identity, downgrade-to-Cloud-Identity is worth ~$144/yr savings — but Workspace’s other features (Drive, Calendar, Meet) may be worth keeping.
  5. Aaliyah Cloud Identity status. Confirm she’s on Cloud Identity Free (no cost) or Cloud Identity Premium ($6/user/mo). Free is sufficient for our auth use case.
  6. Cloudflare Access bypass token. Configure a break-glass access path (e.g., Roger’s home IP allowlisted + a service token for emergency access) before launch. Documented in WF-6.12.
  7. Cloudflare SOC 2 attestation. Available under NDA. Request before any future buyer or contract review (MBO 2035 narrative).

Implementation impact

The following artifacts will be created or updated based on this decision:

ArtifactChange
WF-6.12 Internal Portal Build Plan (proposed)New doc: route inventory, content migration approach, auth setup, dashboard embedding strategy, per-CSA replication recipe. Anchors to Astro + Cloudflare Pages + Cloudflare Access.
WF-6.10 Dashboard Layer Plan (proposed)New doc: per-dashboard scope, build sequence, distribution channel. References this decision for embedding strategy.
WF-6.6 Dashboard Operations SOP (proposed)New doc once portal is operational: portal ownership, edit rights, change-management.
WF-6.4 Scorecard Data Acquisition Plan (v1.2 update)Phase 3 section updated to reference portal /dashboards route as the consumer surface for embedded Metabase dashboards.
Memory: project_website_infrastructure.mdUpdate status — stack approved 2026-05-13.
Decisions-Log.mdNew entry for this decision.
MEMORY.mdUpdate index entry for website infrastructure (status → approved).

The dev repo (cedarfell-warehouse) doesn’t change from this decision — the warehouse layer is unaffected. The portal is a new repo (cedarfell-portal working name) that lives separately and embeds Metabase dashboards by URL.


Decision and sign-off

RoleNameDecisionDate
Decision ownerRoger ThompsonApproved Option A (Astro + Cloudflare Pages + Cloudflare Access)2026-05-13
Primary consumer (BC)Vincent TabletInformational
Primary consumer (BC)Brandon FankhauserInformational
HR / FleetAaliyah MonetInformational
Financial consumerJana (Tensor)Informational
Financial consumerSheryl (Tensor)Informational

Cross-references


Change log

VersionDateAuthorChange
1.02026-05-13Roger Thompson (with Claude)Initial decision. Selected Astro + Cloudflare Pages + Cloudflare Access (Google IdP). Rejected Next.js+Vercel+Auth0, Hugo+Netlify+Clerk, Eleventy, Docusaurus, WordPress, Framer, Webflow, Wix, Bubble, Supabase Auth, NextAuth. TCO across 1/5/10/25-CSA scales. Cumulative 10-year margin retention vs Next.js+Vercel+Auth0 estimated $85K–$170K.
1.02026-05-13Roger ThompsonAPPROVED Option A (Astro + Cloudflare Pages + Cloudflare Access). Status: Proposed → Approved. Unblocks WF-6.12 + WF-6.10 build.

Appendix A — Reference architecture (target state)

                              ┌──────────────────────────────────────────────┐
                              │   GIT REPOSITORY  `cedarfell-portal`         │
                              │   (one repo, both sites)                     │
                              │   ─────────────────                          │
                              │   src/content/                               │
                              │     sops/         ← reads /VD*/Workflows/    │
                              │     kpis/         ← reads /Strategic/        │
                              │     decisions/    ← reads /VD*/Data/         │
                              │     handbook/                                │
                              │   src/pages/                                 │
                              │     index.astro                              │
                              │     dashboards.astro  ← Metabase iframes     │
                              │     customers.astro    (external)            │
                              │     vendors.astro      (external)            │
                              │     careers.astro      (external)            │
                              │     about.astro        (external)            │
                              │   astro.config.mjs                           │
                              │   src/content/config.ts                      │
                              └──────────┬───────────────────────────────────┘
                                         │ git push → Cloudflare Pages build

                              ┌──────────────────────────────────────────────┐
                              │   CLOUDFLARE PAGES                           │
                              │   ────────────────                           │
                              │   Auto-build on push                         │
                              │   Static asset CDN (global edge)             │
                              │   Custom domain wiring                       │
                              └──────────┬───────────────────────────────────┘

                ┌────────────────────────┴──────────────────────────┐
                ▼                                                   ▼
   ┌──────────────────────────────────┐         ┌────────────────────────────────────┐
   │  cedarfell-logistics.com         │         │  portal.cedarfell-logistics.com    │
   │  (PUBLIC external site)          │         │  (PROTECTED internal portal)       │
   │                                  │         │   ↑                                │
   │  /         landing               │         │   │ Cloudflare Access              │
   │  /customers                      │         │   │   ─────────────                │
   │  /vendors                        │         │   │  Identity Provider:            │
   │  /careers   (lead capture)       │         │   │    Google Workspace            │
   │  /about                          │         │   │    Google Cloud Identity       │
   │                                  │         │   │  Policy:                       │
   │  No auth                         │         │   │    Allow @cedarfell-logistics  │
   │  SEO-indexable                   │         │   │    + jana@tensor + sheryl@tensor│
   │                                  │         │   ▼                                │
   │                                  │         │  /          team home              │
   │                                  │         │  /dashboards   (Metabase iframes) │
   │                                  │         │  /sops                             │
   │                                  │         │  /kpis                             │
   │                                  │         │  /decisions                        │
   │                                  │         │  /handbook                         │
   └──────────────────────────────────┘         └────────────────────────────────────┘

                                                              │ iframe embed

                                                  ┌─────────────────────────┐
                                                  │  METABASE CLOUD         │
                                                  │  ────────────           │
                                                  │  Dashboards (per WF-6.9)│
                                                  │  Queries against        │
                                                  │  MotherDuck (WF-6.7)    │
                                                  └─────────────────────────┘

Appendix B — Per-CSA replication pattern

A new CSA owner buying into the Cedarfell playbook gets a working portal in under half a day:

  1. Clone repo. git clone cedarfell-portal csa-name-portal
  2. Repoint content. Update src/content/config.ts glob paths to read from their own /VD*/Workflows/*.md. Update astro.config.mjs site URL.
  3. Create Cloudflare Pages project. Connect to GitHub; auto-deploy main branch. ~5 minutes.
  4. Add custom domains. Add csa-name.com apex + portal.csa-name.com subdomain in Cloudflare Pages dashboard. ~5 minutes.
  5. Configure Cloudflare Access policy. Add the portal subdomain as a protected application. Identity provider = Google. Allowed = @csa-name.com directory + any exception list emails. ~10 minutes.
  6. Connect Metabase Cloud. Either share existing Metabase Pro workspace via a CSA-scoped collection, or subscribe to a new Metabase Cloud Starter for that CSA. Embed dashboard URLs in /dashboards.astro. ~30 minutes.
  7. DNS. Point the new domain’s nameservers at Cloudflare. ~10 minutes (plus propagation).
  8. Test. Visit portal subdomain → auth flow works → SOPs render → dashboards load. ~30 minutes.

Total per-CSA setup: half a day. Total per-CSA cost: $0 hosting + $0 auth (until 50-user threshold) + Metabase Cloud subscription (~$1K/yr per WF-6.9).

This directly satisfies STR.EXIT.04 (Playbook replicability score) — every CSA has the same portal architecture, the same auth model, and the same dashboards.


Appendix C — Vendor financial stability snapshot

VendorFoundedStatus (as of 2026-05)Notes
Astro (The Astro Foundation)2021Independent OSS project; commercial sponsor Astro Studio (acquired by Netlify and shut down 2025, framework continues)Strong community; v5 (2025) shipped well. Framework decoupled from any single company since 2025.
Cloudflare2009Public company (NYSE: NET), market cap ~$50BNo vendor financial risk. Free-tier pricing trajectory has been operator-friendly since 2022.
Google (Workspace + Cloud Identity)n/aPublic company; identity directory backboneNo vendor financial risk. Cloud Identity Free has been stable since 2017.
Vercel2015Series E (2024); ~$3B valuationHealthy company; concern is pricing trajectory, not viability.
Netlify2014Series D (2022); ~$2B valuationHealthy company; same concern as Vercel on pricing trajectory.
Auth0 (Okta)2013 (acquired 2021)Public company (NASDAQ: OKTA)No vendor financial risk. Pricing trajectory concern.
Automattic (WordPress.com)2005Private, profitableNo vendor financial risk.

Concentration risk note. Cloudflare is the consolidated dependency in the recommended stack (Pages + Access + DNS). The mitigation: each component is replaceable independently. Hosting can move to any static host in a day. Auth can move to any OIDC provider in an afternoon. DNS can move to any registrar in an hour. The data layer (MotherDuck, per WF-6.7) and the BI layer (Metabase Cloud, per WF-6.9) sit entirely outside Cloudflare and aren’t affected by any Cloudflare-side event.